Media Bypass in a Lync Enterprise Voice Deployment

The ability for Lync media calls to reach their destinations, preferably with the least resistance, is what IT administrators all strive for in the VoIP world. So, when we hear words such as latency, jitter, and packet loss, we cringe because we try to avoid them in the network used for VoIP calls. The question that inevitably comes up is: How can we mitigate latency, jitter, and packet loss? The answer is media bypass.

Enabling media bypass in itself isn't a huge undertaking, but what often gets overlooked are the configuration options that need to be decided upon. So, after I give you a 10,000-foot view of media bypass and discuss its requirements, I'll discuss the configuration options and what they mean in your environment. I'll also discuss media encryption.

10,000-Foot View of Media Bypass

Introduced in Lync Server 2010, media bypass is a feature often used in an Enterprise Voice deployment. It allows calls to flow from the end users' Lync client to a Public Switched Telephone Network (PSTN) gateway through one of the following mechanisms:

Session Initiation Protocol (SIP)/PSTN gateway

Internet Protocol Private Branch Exchange (IP PBX)

Internet Telephony Service Provider (ITSP)

The ability for Enterprise Voice calls to travel from one destination to another without the media traffic traversing the Lync Mediation Server increases the chances for a better audio experience. The Mediation Server, which is responsible for transcoding audio codecs from one version to another, is considered a media termination point in Lync 2013. In the case of the media traffic traveling to the PSTN, Lync attempts to send the media traffic by way of RTAudio (Microsoft's codec for Lync Audio), but it's intercepted by the Mediation Server and sent to the destination in the G.711 format.

The Mediation Server process of transcoding audio codec is taxing on the Lync Front End Server in terms of CPU resources, which could make the voice quality susceptible to media degradation. Media bypass refers to removing the Mediation Server from the media path whenever possible for calls that traverse the Mediation Server. However, Lync calls don't necessarily need to have the PSTN as their destination for media bypass to be applied. You can also enable media bypass for Lync calls that are routed to VoIP phones by way of IP PBX within an organization.

As you can see, the media traffic traverses the Mediation Server. Figure 2 shows what happens when media bypass is enabled.

In this case, the SIP signaling session continues to traverse the Mediation Server, but the media traffic bypasses the Mediation Server and goes directly to the next hop (i.e., connection), which can be an ITSP, IP PBX, or SIP/PSTN gateway. By enabling media bypass, you can reduce latency, eliminate unnecessary codec translations (RTAudio to G.711), and reduce the number of hops (which are points of potential failure)—all of which helps improve VoIP quality.

Media Bypass Requirements

For media bypass to occur, there are a few requirements that must be met in the Lync deployment:

The Mediation Server's next hop must be able to handle multiple forked responses during the media bypass session. This requirement is very important and shouldn't be overlooked. So, when you're choosing an ITSP or contemplating deploying the newest version of your IP PBX or SIP\PSTN gateway, be sure to ask about its ability to handle forked responses.

The Mediation Server's next hop must be able to accept the media traffic directly from the Lync client.

Media Bypass Configuration

In a Lync deployment, media bypass is disabled by default. You can enable it in the Lync Server Control Panel. After you open the control panel, click Network Configuration in the left navigation bar, then double-click Global. Figure 3 shows the Edit Global Setting page, where you can enable media bypass. After you select the Enable media bypass check box, you have two configuration options: Always bypass and Use sites and region configuration.

Always bypass. When you select the Always bypass option, all calls that travel to the Mediation Server will be recognized by the initiating SIP session and all media traffic will be sent directly to the Mediation Server's next hop. The gateways and Lync endpoints must be in the same network site; otherwise, different bypass IDs will be generated. Having endpoints with the same bypass IDs is a key requirement, as it allows the endpoints to communicate with each other.

If you decide to always bypass the Mediation Server, you need to keep the following points in mind:

Outside (remote) traffic coming through the Edge Server will be on a different network and will not use media bypass.

When both call admission control (CAC) and media bypass are enabled for a Lync call, media bypass won't occur for that call. (Enterprise Voice first checks to see if the call is configured for media bypass, after which it checks for any CAC restrictions.)

Use sites and region configuration. When you select the Use sites and region configuration option, media bypass works essentially the same way as it does when you select the Always bypass option, with one exception. When both CAC and media bypass are enabled for a Lync call, media bypass will occur for that call. In any given PSTN call, the client subnet is mapped to a particular site, and the bypass ID for that subnet is extracted. The gateway's subnet is mapped to a particular site, and the bypass ID for that subnet is extracted as well. Only when the two bypass IDs are identical will media bypass occur for the call. If the gateway ID and site ID aren't identical, media bypass will not occur. Note that you'd select the Enable bypass for non-mapped sites option when you have branch sites that are part of regions that don't have any bandwidth constraints.

Media Encryption

After you've configured media bypass for the environment, the final task you need to complete is to change the encryption level supported for media traffic. This setting affects how Lync clients talk to the Mediation Server's next hop during a media bypass session. By default, the encryption level for media traffic is set to Required. When you use media bypass, you need to set it to SupportEncryption. That way, if the Mediation Server's next hop supports encryption, Secure Real-Time Transfer Protocol is used. If not, the Real-Time Transport Protocol is used.

You can use the Lync Server Management Shell to change the encryption level. You just need to run the command:

To make sure the encryption level was changed, you can run the command:

Get-CsMediaConfiguration -Identity global

You should get results like that shown in Figure 4.

Not Quite Out-of-the-Box But It's Worth the Effort

Media bypass for Lync 2013 isn't quite out-of-the-box, but at least it's not like configuring CAC from scratch (sarcastic humor there, in case you didn't catch it). Before making the few configurations needed, you'll need to spend some time planning, especially if you have locations outside a well-connected network. (For example, if you have branch site locations, you'll want to keep the media traffic from traversing the WAN by staying local in the branch site and leaving out the local PSTN.) In the end, enabling media bypass is worth the effort. It will help alleviate packet loss, jitter, and delays so that Lync users experience optimal VoIP calls.

Discuss this Article 1

One problem i do see is if you use media bypass, sounds like you need to ensure that clients have direct communication to your SBC. I've e-mailed some Microsoft folks and from what they tell me, they are uncertain if a client will fall back to using the mediation server if the client can't talk directly to the SBC (our sbc is on private network and mediation servers are on public network).

This is an important detail as imagine you have 50 buildings and each building has security guards. In the event you have a 911 situation you only want to alert the security staff in that building. Well you have to create a new Location Policy for each of those buildings and provide the telephone number of the security staff for that building to the Location Policy assigned to that building. To do this you also need to define the subnet of that building. Thus when media bypass is turned on within your site, clients will immediately try and use media bypass, but what if that subnet can't talk directly to the SBC.....what happens to the call?